We performed a comparison between IBM Security QRadar and LogRhythm SIEM based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: IBM Security QRadar users say the solution provides extensive information and helpful leads for locating pertinent data. Users praised LogRhythm SIEM for its user-friendly centralized dashboard, strong integration capabilities, and event-filtering capabilities. QRadar stands out with its comprehensive network visibility and strong SIEM capabilities. IBM Security QRadar could improve its rule deployment and lower its false positive rate. Users would also like expanded storage capacity, streamlined user management, and a more mature architecture. LogRhythm users requested expanded log storage, better load balancing, and streamlined search capabilities.
Service and Support: Some customers of IBM Security QRadar have had trouble connecting with knowledgeable support staff and experienced delayed responses. LogRhythm SIEM was generally praised for its helpful and knowledgeable support, although there have been occasional delays and knowledge problems.
Ease of Deployment: IBM Security QRadar's initial setup can be complex for users without expertise, and the difficulty may vary depending on the size of the data set. Small or medium-sized companies generally find LogRhythm SIEM's setup to be straightforward. However, it is more time-consuming and complex for enterprise deployments involving multiple components or vendors, and users often require assistance from professional services or LogRhythm-certified engineers.
Pricing: IBM Security QRadar can be costly because users need to buy new hardware to upgrade. LogRhythm SIEM’s license typically includes all elements. However, enterprise customers may encounter complexities related to additional features and add-ons.
ROI: IBM Security QRadar delivers a high return on investment, improving security through its advanced user behavior analytics. LogRhythm SIEM has proven to be highly valuable, delivering a significant ROI by reducing the mean time to detect and respond.
Comparison Results: Our users prefer LogRhythm SIEM over IBM QRadar. Users value LogRhythm SIEM for its seamless integration, effective log correlation, and efficient event filtering. LogRhythm SIEM yields a solid return on investment and offers stellar customer service. Customers find LogRhythm SIEM's pricing and licensing competitive, making it a more affordable option for those with budget constraints.
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"It has a lot of great features."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"The initial setup is very simple and straightforward."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"The machine learning and artificial intelligence on offer are great."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"The Log analytics are useful."
"The feature that I have found most valuable is its artificial intelligence component, Watson. Its contribution is pretty good from a machine-learning artificial intelligence perspective. This compliments the orchestration automation component, as well."
"The monitoring and dashboards are great."
"It is suitable for large companies with critical infrastructure. For our clients, robustness, availability at a high level, and the level of references and experiences connected to the solution are important."
"It's quite scalable. We have upgraded some solutions from 1000 APS up to 3500 APS to 5000 APS. It's a good solution, they have no scalability issues."
"It is very stable. We have not faced interruptions in the past four and a half years."
"We have worked with other solutions, such as LogRhythm and Splunk. Compared to others, IBM QRadar has the best price-performance ratio so that you are able to reserve minimum costs. It starts settling in fast and gets the first results very quickly. It is also very scalable."
"There is a single dashboard that gives us a complete overview of what is happening around the globe."
"This is a good tool to have because it gives you the ability to track what is currently happening in your environment."
"I would rate the product a ten out of ten. The solution is very user-friendly and straightforward. The tool's report customization is interesting."
"The product is great for medium to large-scale organizations."
"NextGen SIEM's most valuable feature is its user-friendliness."
"The PCI compliance pieces that help us produce reports for our external auditor, and their support."
"It has allowed us to dive deeper into our network and figure out what is going on by parsing logs properly and being able to reduce the time it takes to work cases down from seven days to approximately two days."
"I find LogRhythm's log management capabilities to be beneficial."
"I would say the most valuable feature of LogRhythm is that it has built-in UEBA functionality, among other basic Windows packages."
"The daily alerts allow me to quickly find security and operations issues which need to be addressed."
"One key area that can be improved is by building a strong integration with our XDR platform."
"We'd like also a better ticketing system, which is older."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"The solution could be more user-friendly; some query languages are required to operate it."
"QRadar UBA only keeps the data for a short while (it's refreshed every five minutes) and would be improved if this were extended to a week or month."
"IBM QRadar could improve the plugins and threat detection."
"IBM Security QRadar lacks automated response. With this feature, there's no need to visit VirusTotal or other sites for IP reputation. There should be a small plug-in where users can click to retrieve details about the reputation and organization of public IP."
"The solution could improve by having more out-of-the-box use cases."
"It needs more resilience and functionality."
"The advanced planning management (APM) features should be included."
"The product is good, but one feature they should have is an Elasticsearch. Currently, in QRadar, there are no Elasticsearch criteria."
"The dashboard and reports are not user-friendly or efficient so are of little help with threat hunting activity."
"I would like to see more integration with more products that are out there within the same security field."
"Their ticketing system for managing cases can be improved. They can either do that or adopt some of the open-source ticket systems into theirs. The current system works and gets the job done, but it is very bare-bones and basic. There are some things that could be improved there. They should also bring in more threat intelligence into the product and also probably start to look into the integration of more cloud or SAS products for ingesting logs. They're doing the work, but with the explosion of COVID, a lot of businesses have started to move towards more cloud applications or SAS applications. There is a whole diverse suite of SAS products out there, which is a challenge for them and I get it. They seem to be focusing on the big ones, but it'll be nice to be able to, for example, pull in Microsoft logs from Office 365. They are working towards a better way of doing that, and they have a product in the pipeline to pull logs in from other SAS applications. The biggest thing for them is going to be moving away from a Windows Server infrastructure into a straight-up Linux, which is more stable in my eyes. For the backend, they can maybe move into more of an up-to-date Elastic search engine and use less of Microsoft products."
"More detail in the alerts given to avoid additional searches, as often the source or destination associated with the alert is not evidenced."
"More help and assistance with some of the open source products, everything seems to be focused on Windows versus giving some guidance and some documentation on how to use it."
"It is a product that is very hard to use."
"We do about 750 million a day and some days we do 715 million. Some days we do 820 million or 1.2 billion. But there's no way to drill in and find out: "Where did I get 400,000 extra logs today?" What was going on in my environment that I was able to absorb that peak? I have no way to identify it without running reports, which will produce a long-running PDF that I have to somehow compare to another long-running PDF... I would like to see like profiling behavior awareness around systems like they've been gunned to do around users with UEBA."
"We have run into problems with stability going through upgrade processes. Recently, we have been on the front edge of the upgrade path. When that happens we tend to run into issues either with certain functionality not working after the upgrades or stability issues because of the upgrades."
"NextGen SIEM has separate rules for AI, advanced intelligence, and MP rules - it would be better to have a centralized way to write the rules and create alarms."
IBM Security QRadar is ranked 6th in Log Management with 198 reviews while LogRhythm SIEM is ranked 7th in Log Management with 166 reviews. IBM Security QRadar is rated 8.0, while LogRhythm SIEM is rated 8.4. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, Elastic Security, Fortinet FortiSIEM and Sentinel, whereas LogRhythm SIEM is most compared with Splunk Enterprise Security, Wazuh, Fortinet FortiSIEM, LogRhythm Axon and Elastic Security. See our IBM Security QRadar vs. LogRhythm SIEM report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.